2 * Copyright (c) 2012-2014 Apple Inc. All Rights Reserved.
4 * @APPLE_LICENSE_HEADER_START@
6 * This file contains Original Code and/or Modifications of Original Code
7 * as defined in and that are subject to the Apple Public Source License
8 * Version 2.0 (the 'License'). You may not use this file except in
9 * compliance with the License. Please obtain a copy of the License at
10 * http://www.opensource.apple.com/apsl/ and read it before using this
13 * The Original Code and all software distributed under the License are
14 * distributed on an 'AS IS' basis, WITHOUT WARRANTY OF ANY KIND, EITHER
15 * EXPRESS OR IMPLIED, AND APPLE HEREBY DISCLAIMS ALL SUCH WARRANTIES,
16 * INCLUDING WITHOUT LIMITATION, ANY WARRANTIES OF MERCHANTABILITY,
17 * FITNESS FOR A PARTICULAR PURPOSE, QUIET ENJOYMENT OR NON-INFRINGEMENT.
18 * Please see the License for the specific language governing rights and
19 * limitations under the License.
21 * @APPLE_LICENSE_HEADER_END@
25 #include <AssertMacros.h>
26 #include <TargetConditionals.h>
28 #include <Security/SecureObjectSync/SOSPeerInfo.h>
29 #include "keychain/SecureObjectSync/SOSPeerInfoInternal.h"
30 #include "keychain/SecureObjectSync/SOSPeerInfoPriv.h"
31 #include "keychain/SecureObjectSync/SOSPeerInfoV2.h"
32 #include "keychain/SecureObjectSync/SOSCircle.h"
33 #include "keychain/SecureObjectSync/SOSInternal.h"
34 #include <ipc/securityd_client.h>
36 #include <CoreFoundation/CFArray.h>
37 #include <dispatch/dispatch.h>
42 #include <utilities/SecCFWrappers.h>
43 #include <utilities/SecCFRelease.h>
44 #include <utilities/SecCFError.h>
45 #include <utilities/SecXPCError.h>
47 #include <utilities/der_plist.h>
48 #include <utilities/der_plist_internal.h>
49 #include <corecrypto/ccder.h>
50 #include <utilities/der_date.h>
52 #include <corecrypto/ccdigest.h>
53 #include <corecrypto/ccsha2.h>
56 #include <CoreFoundation/CoreFoundation.h>
57 #include <CoreFoundation/CFDate.h>
62 #include <MobileGestalt.h>
65 #include <Security/SecBase64.h>
66 #include <Security/SecKeyPriv.h>
67 #include <Security/SecOTR.h>
68 #include <Security/SecuritydXPC.h>
70 CFGiblisWithHashFor(SOSPeerInfo);
73 const CFStringRef kPIUserDefinedDeviceNameKey = CFSTR("ComputerName");
74 const CFStringRef kPIDeviceModelNameKey = CFSTR("ModelName");
75 const CFStringRef kPIMessageProtocolVersionKey = CFSTR("MessageProtocolVersion");
76 const CFStringRef kPIOSVersionKey = CFSTR("OSVersion");
78 // Description Dictionary Entries
79 static CFStringRef sPublicKeyKey = CFSTR("PublicSigningKey");
80 static CFStringRef sOctagonPeerSigningPublicKeyKey = CFSTR("OctagonPublicSigningKey");
81 static CFStringRef sOctagonPeerEncryptionPublicKeyKey = CFSTR("OctagonPublicEncryptionKey");
82 const CFStringRef sGestaltKey = CFSTR("DeviceGestalt");
83 const CFStringRef sVersionKey = CFSTR("ConflictVersion");
84 static CFStringRef sCloudIdentityKey = CFSTR("CloudIdentity");
85 static CFStringRef sApplicationDate = CFSTR("ApplicationDate");
86 static CFStringRef sApplicationUsig = CFSTR("ApplicationUsig");
87 static CFStringRef sRetirementDate = CFSTR("RetirementDate");
90 CFStringRef kSOSPeerInfoDescriptionKey = CFSTR("SOSPeerInfoDescription");
91 CFStringRef kSOSPeerInfoSignatureKey = CFSTR("SOSPeerInfoSignature");
92 CFStringRef kSOSPeerInfoNameKey = CFSTR("SOSPeerInfoName");
94 //Peer Info V2 Dictionary IDS keys
95 CFStringRef sPreferIDS = CFSTR("PreferIDS");
96 CFStringRef sPreferIDSFragmentation = CFSTR("PreferIDFragmentation");
97 CFStringRef sPreferIDSACKModel = CFSTR("PreferIDSAckModel");
98 CFStringRef sTransportType = CFSTR("TransportType");
99 CFStringRef sDeviceID = CFSTR("DeviceID");
101 const CFStringRef peerIDLengthKey = CFSTR("idLength");
103 SOSPeerInfoRef SOSPeerInfoAllocate(CFAllocatorRef allocator) {
104 return CFTypeAllocate(SOSPeerInfo, struct __OpaqueSOSPeerInfo, allocator);
107 static SecKeyRef _SOSPeerInfoCopyPubKey(SOSPeerInfoRef peer, CFStringRef keyDictionaryKey, CFErrorRef* error)
109 SecKeyRef result = NULL;
111 CFDataRef pubKeyBytes = asData(CFDictionaryGetValue(peer->description, keyDictionaryKey), error);
112 require_quiet(pubKeyBytes, fail);
114 CFAllocatorRef allocator = CFGetAllocator(peer);
115 result = SecKeyCreateFromPublicData(allocator, kSecECDSAAlgorithmID, pubKeyBytes);
117 require_quiet(SecAllocationError(result, error, CFSTR("Failed to create public key from data %@"), pubKeyBytes), fail);
123 SecKeyRef SOSPeerInfoCopyPubKey(SOSPeerInfoRef peer, CFErrorRef* error) {
124 return _SOSPeerInfoCopyPubKey(peer, sPublicKeyKey, error);
127 SecKeyRef SOSPeerInfoCopyOctagonSigningPublicKey(SOSPeerInfoRef peer, CFErrorRef* error)
129 return _SOSPeerInfoCopyPubKey(peer, sOctagonPeerSigningPublicKeyKey, error);
132 SecKeyRef SOSPeerInfoCopyOctagonEncryptionPublicKey(SOSPeerInfoRef peer, CFErrorRef* error)
134 return _SOSPeerInfoCopyPubKey(peer, sOctagonPeerEncryptionPublicKeyKey, error);
138 CFDataRef SOSPeerInfoGetAutoAcceptInfo(SOSPeerInfoRef peer) {
139 CFDataRef pubKeyBytes = NULL;
141 pubKeyBytes = CFDictionaryGetValue(peer->description, sPublicKeyKey);
142 if (!pubKeyBytes || CFGetTypeID(pubKeyBytes) != CFDataGetTypeID()) {
149 static bool SOSDescriptionHash(SOSPeerInfoRef peer, const struct ccdigest_info *di, void *hashresult, CFErrorRef *error) {
150 ccdigest_di_decl(di, ctx);
151 ccdigest_init(di, ctx);
153 if(!SOSPeerInfoUpdateDigestWithDescription(peer, di, ctx_p, error)) return false;
154 ccdigest_final(di, ctx, hashresult);
160 static CFDataRef sosCopySignedHash(SecKeyRef privkey, const struct ccdigest_info *di, uint8_t *hbuf) {
162 size_t siglen = SIGLEN;
164 if((stat = SecKeyRawSign(privkey, kSecPaddingNone, hbuf, di->output_size, sig, &siglen)) != 0) {
167 return CFDataCreate(NULL, sig, (CFIndex)siglen);
170 static bool sosVerifyHash(SecKeyRef pubkey, const struct ccdigest_info *di, uint8_t *hbuf, CFDataRef signature) {
171 return SecKeyRawVerify(pubkey, kSecPaddingNone, hbuf, di->output_size,
172 CFDataGetBytePtr(signature), CFDataGetLength(signature)) == errSecSuccess;
175 bool SOSPeerInfoSign(SecKeyRef privKey, SOSPeerInfoRef peer, CFErrorRef *error) {
177 const struct ccdigest_info *di = ccsha256_di();
178 uint8_t hbuf[di->output_size];
179 CFDataRef newSignature = NULL;
181 require_action_quiet(SOSDescriptionHash(peer, di, hbuf, error), fail,
182 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to hash description for peer"), NULL, error));
184 newSignature = sosCopySignedHash(privKey, di, hbuf);
185 require_action_quiet(newSignature, fail, SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to sign peerinfo for peer"), NULL, error));
187 CFReleaseNull(peer->signature);
188 peer->signature = newSignature;
193 CFReleaseNull(newSignature);
197 // Return true (1) if the signature verifies.
198 bool SOSPeerInfoVerify(SOSPeerInfoRef peer, CFErrorRef *error) {
200 const struct ccdigest_info *di = ccsha256_di();
201 uint8_t hbuf[di->output_size];
203 SecKeyRef pubKey = SOSPeerInfoCopyPubKey(peer, error);
204 require_quiet(pubKey, error_out);
206 require_quiet(SOSDescriptionHash(peer, di, hbuf, error), error_out);
208 require_action_quiet(sosVerifyHash(pubKey, di, hbuf, peer->signature), error_out,
209 SOSErrorCreate(kSOSErrorBadSignature, error, NULL,
210 CFSTR("Signature didn't verify for %@"), peer));
214 CFReleaseNull(pubKey);
218 void SOSPeerInfoSetVersionNumber(SOSPeerInfoRef pi, int version) {
219 pi->version = version;
220 CFNumberRef versionNumber = CFNumberCreateWithCFIndex(NULL, pi->version);
221 CFDictionarySetValue(pi->description, sVersionKey, versionNumber);
222 CFReleaseNull(versionNumber);
225 static SOSPeerInfoRef SOSPeerInfoCreate_Internal(CFAllocatorRef allocator,
226 CFDictionaryRef gestalt, CFDataRef backup_key,
227 CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS,
228 CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel,
229 CFSetRef enabledViews,
230 SecKeyRef signingKey,
231 SecKeyRef octagonPeerSigningKey,
232 SecKeyRef octagonPeerEncryptionKey,
234 void (^ description_modifier)(CFMutableDictionaryRef description)) {
235 SOSPeerInfoRef pi = CFTypeAllocate(SOSPeerInfo, struct __OpaqueSOSPeerInfo, allocator);
236 pi->gestalt = gestalt;
237 CFRetain(pi->gestalt);
239 pi->version = SOSPeerInfoGetPeerProtocolVersion(pi);
240 CFDataRef publicBytes = NULL;
241 CFDataRef octagonPeerSigningPublicBytes = NULL;
242 CFDataRef octagonPeerEncryptionPublicBytes = NULL;
243 CFNumberRef versionNumber = NULL;
245 SecKeyRef publicKey = SecKeyCreatePublicFromPrivate(signingKey);
246 if (publicKey == NULL) {
247 SOSCreateError(kSOSErrorBadKey, CFSTR("Unable to get public"), NULL, error);
252 OSStatus result = SecKeyCopyPublicBytes(publicKey, &publicBytes);
254 if (result != errSecSuccess) {
255 SOSCreateError(kSOSErrorBadKey, CFSTR("Failed to export public bytes"), NULL, error);
260 if (octagonPeerSigningKey) {
261 SecKeyRef octagonPeerSigningPublicKey = SecKeyCreatePublicFromPrivate(octagonPeerSigningKey);
262 if (octagonPeerSigningPublicKey == NULL) {
263 SOSCreateError(kSOSErrorBadKey, CFSTR("Unable to get public key"), NULL, error);
268 result = SecKeyCopyPublicBytes(octagonPeerSigningPublicKey, &octagonPeerSigningPublicBytes);
269 CFReleaseNull(octagonPeerSigningPublicKey);
270 if (result != errSecSuccess) {
271 SOSCreateError(kSOSErrorBadKey, CFSTR("Failed to export public bytes"), NULL, error);
277 if (octagonPeerEncryptionKey) {
278 SecKeyRef octagonPeerEncryptionPublicKey = SecKeyCreatePublicFromPrivate(octagonPeerEncryptionKey);
279 if (octagonPeerEncryptionPublicKey == NULL) {
280 SOSCreateError(kSOSErrorBadKey, CFSTR("Unable to get public key"), NULL, error);
285 result = SecKeyCopyPublicBytes(octagonPeerEncryptionPublicKey, &octagonPeerEncryptionPublicBytes);
286 CFReleaseNull(octagonPeerEncryptionPublicKey);
287 if (result != errSecSuccess) {
288 SOSCreateError(kSOSErrorBadKey, CFSTR("Failed to export public bytes"), NULL, error);
294 pi->signature = CFDataCreateMutable(allocator, 0);
296 versionNumber = CFNumberCreateWithCFIndex(NULL, pi->version);
298 pi->description = CFDictionaryCreateMutableForCFTypesWith(allocator,
299 sVersionKey, versionNumber,
300 sPublicKeyKey, publicBytes,
301 sGestaltKey, pi->gestalt,
303 if (octagonPeerSigningPublicBytes) {
304 CFDictionarySetValue(pi->description, sOctagonPeerSigningPublicKeyKey, octagonPeerSigningPublicBytes);
306 if (octagonPeerEncryptionPublicBytes) {
307 CFDictionarySetValue(pi->description, sOctagonPeerEncryptionPublicKeyKey, octagonPeerEncryptionPublicBytes);
311 description_modifier(pi->description);
313 pi->peerID = SOSCopyIDOfKey(publicKey, error);
315 pi->verifiedAppKeyID = NULL;
316 pi->verifiedResult = false;
318 require_quiet(pi->peerID, exit);
320 // ================ V2 Additions Start
322 if(!SOSPeerInfoUpdateToV2(pi, error)) {
327 // V2DictionarySetValue handles NULL as remove
328 if (backup_key != NULL) SOSPeerInfoV2DictionarySetValue(pi, sBackupKeyKey, backup_key);
329 SOSPeerInfoV2DictionarySetValue(pi, sViewsKey, enabledViews);
331 // ================ V2 Additions End
333 if (!SOSPeerInfoSign(signingKey, pi, error)) {
339 CFReleaseNull(versionNumber);
340 CFReleaseNull(publicKey);
341 CFReleaseNull(publicBytes);
342 CFReleaseNull(octagonPeerSigningPublicBytes);
343 CFReleaseNull(octagonPeerEncryptionPublicBytes);
347 SOSPeerInfoRef SOSPeerInfoCreate(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key, SecKeyRef signingKey, SecKeyRef octagonPeerSigningKey, SecKeyRef octagonPeerEncryptionKey, CFErrorRef* error) {
348 return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, NULL, NULL, NULL, NULL, NULL, NULL, signingKey, octagonPeerSigningKey, octagonPeerEncryptionKey, error, ^(CFMutableDictionaryRef description) {});
351 SOSPeerInfoRef SOSPeerInfoCreateWithTransportAndViews(CFAllocatorRef allocator, CFDictionaryRef gestalt, CFDataRef backup_key,
352 CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS,
353 CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews,
354 SecKeyRef signingKey,
355 SecKeyRef octagonPeerSigningKey,
356 SecKeyRef octagonPeerEncryptionKey,
359 return SOSPeerInfoCreate_Internal(allocator, gestalt, backup_key, IDSID, transportType, preferIDS, preferFragmentation, preferAckModel, enabledViews, signingKey, octagonPeerSigningKey, octagonPeerEncryptionKey, error, ^(CFMutableDictionaryRef description) {});
363 SOSPeerInfoRef SOSPeerInfoCreateCloudIdentity(CFAllocatorRef allocator, CFDictionaryRef gestalt, SecKeyRef signingKey, CFErrorRef* error) {
364 return SOSPeerInfoCreate_Internal(allocator, gestalt, NULL, NULL, NULL, NULL, NULL, NULL, NULL, signingKey, NULL, NULL, error, ^(CFMutableDictionaryRef description) {
365 CFDictionarySetValue(description, sCloudIdentityKey, kCFBooleanTrue);
371 SOSPeerInfoRef SOSPeerInfoCreateCopy(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFErrorRef* error) {
372 if(!toCopy) return NULL;
373 SOSPeerInfoRef pi = CFTypeAllocate(SOSPeerInfo, struct __OpaqueSOSPeerInfo, allocator);
375 pi->description = CFDictionaryCreateMutableCopy(allocator, 0, toCopy->description);
376 pi->signature = CFDataCreateCopy(allocator, toCopy->signature);
378 pi->gestalt = CFDictionaryCreateCopy(allocator, toCopy->gestalt);
379 pi->peerID = CFStringCreateCopy(allocator, toCopy->peerID);
380 pi->verifiedAppKeyID = NULL; // The peer resulting from this will need to be re-evaluated for an application signature.
381 pi->verifiedResult = false;
383 pi->version = toCopy->version;
384 if(!SOSPeerInfoVersionHasV2Data(pi)) SOSPeerInfoExpandV2Data(pi, error);
390 bool SOSPeerInfoVersionIsCurrent(SOSPeerInfoRef pi) {
391 return pi->version >= PEERINFO_CURRENT_VERSION;
394 bool SOSPeerInfoVersionHasV2Data(SOSPeerInfoRef pi) {
395 return pi->version >= kSOSPeerV2BaseVersion;
398 SOSPeerInfoRef SOSPeerInfoCreateCurrentCopy(CFAllocatorRef allocator, SOSPeerInfoRef toCopy,
399 CFStringRef IDSID, CFStringRef transportType, CFBooleanRef preferIDS, CFBooleanRef preferFragmentation, CFBooleanRef preferAckModel, CFSetRef enabledViews,
400 SecKeyRef signingKey, CFErrorRef* error) {
402 SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(allocator, toCopy, error);
403 if(!SOSPeerInfoVersionHasV2Data(pi)) SOSPeerInfoUpdateToV2(pi, error);
406 SOSPeerInfoV2DictionarySetValue(pi, sViewsKey, enabledViews);
409 if(!SOSPeerInfoSign(signingKey, pi, error)) {
417 static SOSPeerInfoRef SOSPeerInfoCopyWithModification(CFAllocatorRef allocator, SOSPeerInfoRef original,
418 SecKeyRef signingKey, CFErrorRef *error,
419 bool (^modification)(SOSPeerInfoRef peerToModify, CFErrorRef *error)) {
421 SOSPeerInfoRef result = NULL;
422 SOSPeerInfoRef copy = SOSPeerInfoCreateCopy(allocator, original, error);
424 require_quiet(modification(copy, error), fail);
426 require_quiet(SOSPeerInfoSign(signingKey, copy, error), fail);
428 CFTransferRetained(result, copy);
436 SOSPeerInfoRef SOSPeerInfoCopyWithGestaltUpdate(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFDictionaryRef gestalt, SecKeyRef signingKey, CFErrorRef* error) {
437 return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
438 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
439 if(!gestalt || !peerToModify) return false;
440 CFRetainAssign(peerToModify->gestalt, gestalt);
441 CFDictionarySetValue(peerToModify->description, sGestaltKey, peerToModify->gestalt);
448 SOSPeerInfoRef SOSPeerInfoCopyWithBackupKeyUpdate(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFDataRef backupKey, SecKeyRef signingKey, CFErrorRef *error) {
449 return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
450 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
451 if (backupKey != NULL)
452 SOSPeerInfoV2DictionarySetValue(peerToModify, sBackupKeyKey, backupKey);
454 SOSPeerInfoV2DictionaryRemoveValue(peerToModify, sBackupKeyKey);
459 static CFDictionaryRef SOSPeerInfoUpdateAndCopyRecord(SOSPeerInfoRef peer, CFStringRef dsid, CFDictionaryRef escrowRecord){
461 CFMutableDictionaryRef existingEscrowRecords = SOSPeerInfoCopyEscrowRecord(peer);
463 if(escrowRecord == NULL && existingEscrowRecords != NULL)
465 CFDictionaryRemoveValue(existingEscrowRecords, dsid);
466 return existingEscrowRecords;
469 if(existingEscrowRecords == NULL)
470 existingEscrowRecords = CFDictionaryCreateMutableForCFTypes(kCFAllocatorDefault);
472 CFDictionarySetValue(existingEscrowRecords, dsid, escrowRecord);
474 return existingEscrowRecords;
478 SOSPeerInfoRef SOSPeerInfoCopyWithEscrowRecordUpdate(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFStringRef dsid, CFDictionaryRef escrowRecord, SecKeyRef signingKey, CFErrorRef *error) {
479 return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
480 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
482 CFDictionaryRef updatedEscrowRecords = SOSPeerInfoUpdateAndCopyRecord(peerToModify, dsid, escrowRecord);
483 SOSPeerInfoV2DictionarySetValue(peerToModify, sEscrowRecord, updatedEscrowRecords);
484 CFReleaseNull(updatedEscrowRecords);
489 SOSPeerInfoRef SOSPeerInfoCopyWithReplacedEscrowRecords(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, CFDictionaryRef escrowRecords, SecKeyRef signingKey, CFErrorRef *error) {
490 return SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
491 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
492 if(escrowRecords != NULL)
493 SOSPeerInfoV2DictionarySetValue(peerToModify, sEscrowRecord, escrowRecords);
499 CFDataRef SOSPeerInfoCopyBackupKey(SOSPeerInfoRef peer) {
500 return SOSPeerInfoV2DictionaryCopyData(peer, sBackupKeyKey);
503 CFMutableDictionaryRef SOSPeerInfoCopyEscrowRecord(SOSPeerInfoRef peer){
504 return SOSPeerInfoV2DictionaryCopyDictionary(peer, sEscrowRecord);
507 bool SOSPeerInfoHasBackupKey(SOSPeerInfoRef peer) {
508 CFDataRef bk = SOSPeerInfoCopyBackupKey(peer);
509 bool success = bk != NULL;
514 SOSPeerInfoRef SOSPeerInfoCopyWithViewsChange(CFAllocatorRef allocator, SOSPeerInfoRef toCopy,
515 SOSViewActionCode action, CFStringRef viewname, SOSViewResultCode *retval,
516 SecKeyRef signingKey, CFErrorRef* error) {
517 SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(allocator, toCopy, error);
518 if(action == kSOSCCViewEnable) {
519 *retval = SOSViewsEnable(pi, viewname, error);
520 require((kSOSCCViewMember == *retval), exit);
521 } else if(action == kSOSCCViewDisable) {
522 *retval = SOSViewsDisable(pi, viewname, error);
523 require((kSOSCCViewNotMember == *retval), exit);
526 require_action_quiet(SOSPeerInfoSign(signingKey, pi, error), exit, *retval = kSOSCCGeneralViewError);
535 CFStringRef sPingKey = CFSTR("Ping");
537 SOSPeerInfoRef SOSPeerInfoCopyWithPing(CFAllocatorRef allocator, SOSPeerInfoRef toCopy, SecKeyRef signingKey, CFErrorRef* error) {
538 SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(allocator, toCopy, error);
539 CFDataRef ping = CFDataCreateWithRandomBytes(8);
540 SOSPeerInfoV2DictionarySetValue(pi, sPingKey, ping);
541 SecKeyRef pub_key = SOSPeerInfoCopyPubKey(pi, error);
542 require_quiet(pub_key, exit);
543 pi->peerID = SOSCopyIDOfKey(pub_key, error);
544 require_quiet(pi->peerID, exit);
545 require_action_quiet(SOSPeerInfoSign(signingKey, pi, error), exit, CFReleaseNull(pi));
548 CFReleaseNull(pub_key);
553 SOSViewResultCode SOSPeerInfoViewStatus(SOSPeerInfoRef pi, CFStringRef view, CFErrorRef *error) {
554 return SOSViewsQuery(pi, view, error);
557 static void SOSPeerInfoDestroy(CFTypeRef aObj) {
558 SOSPeerInfoRef pi = (SOSPeerInfoRef) aObj;
561 CFReleaseNull(pi->description);
562 CFReleaseNull(pi->signature);
563 CFReleaseNull(pi->gestalt);
564 CFReleaseNull(pi->peerID);
565 CFReleaseNull(pi->v2Dictionary);
566 CFReleaseNull(pi->verifiedAppKeyID);
567 pi->verifiedResult = false;
570 static Boolean SOSPeerInfoCompare(CFTypeRef lhs, CFTypeRef rhs) {
571 SOSPeerInfoRef lpeer = (SOSPeerInfoRef) lhs;
572 SOSPeerInfoRef rpeer = (SOSPeerInfoRef) rhs;
573 if(!lpeer || !rpeer) return false;
574 return CFEqualSafe(lpeer->description, rpeer->description) && CFEqualSafe(lpeer->signature, rpeer->signature);
578 CFComparisonResult SOSPeerInfoCompareByID(const void *val1, const void *val2, void *context) {
579 // The code below is necessary but not sufficient; not returning a CFComparisonResult
580 // It probably is OK to say that a NULL is < <non-NULL>
581 if (val1 == NULL || val2 == NULL) {
582 ptrdiff_t dv = val1 - val2;
583 return dv < 0 ? kCFCompareLessThan : dv == 0 ? kCFCompareEqualTo : kCFCompareGreaterThan;
586 CFStringRef v1 = SOSPeerInfoGetPeerID((SOSPeerInfoRef) val1);
587 CFStringRef v2 = SOSPeerInfoGetPeerID((SOSPeerInfoRef) val2);
588 if (v1 == NULL || v2 == NULL) {
589 ptrdiff_t dv = (const void *)v1 - (const void *)v2;
590 return dv < 0 ? kCFCompareLessThan : dv == 0 ? kCFCompareEqualTo : kCFCompareGreaterThan;
593 return CFStringCompare(v1, v2, 0);
597 CFComparisonResult SOSPeerInfoCompareByApplicationDate(const void *val1, const void *val2, void *context) {
598 // The code below is necessary but not sufficient; not returning a CFComparisonResult
599 // It probably is OK to say that a NULL is < <non-NULL>
600 if (val1 == NULL || val2 == NULL) {
601 ptrdiff_t dv = val1 - val2;
602 return dv < 0 ? kCFCompareLessThan : dv == 0 ? kCFCompareEqualTo : kCFCompareGreaterThan;
605 CFDateRef v1 = SOSPeerInfoGetApplicationDate((SOSPeerInfoRef) val1);
606 CFDateRef v2 = SOSPeerInfoGetApplicationDate((SOSPeerInfoRef) val2);
607 if (v1 == NULL || v2 == NULL) {
608 ptrdiff_t dv = (const void *)v1 - (const void *)v2;
611 return dv < 0 ? kCFCompareLessThan : dv == 0 ? kCFCompareEqualTo : kCFCompareGreaterThan;
614 CFComparisonResult retval = CFDateCompare(v1, v2, 0);
620 static CFHashCode SOSPeerInfoHash(CFTypeRef cf) {
621 SOSPeerInfoRef peer = (SOSPeerInfoRef) cf;
623 return CFHash(peer->description) ^ CFHash(peer->signature);
627 static char boolToChars(bool val, char truechar, char falsechar) {
628 return val? truechar: falsechar;
631 static CFStringRef isKnown(CFStringRef ref) {
632 return ref? ref: CFSTR("Unknown ");
635 static CFStringRef copyDescriptionWithFormatOptions(CFTypeRef aObj, CFDictionaryRef formatOptions){
637 SOSPeerInfoRef pi = (SOSPeerInfoRef) aObj;
640 CFStringRef description = NULL;
641 // Get the format options we care about:
642 bool retired = SOSPeerInfoIsRetirementTicket(pi);
643 bool selfValid = SOSPeerInfoVerify(pi, NULL);
644 bool backingUp = SOSPeerInfoHasBackupKey(pi);
645 bool isKVS = SOSPeerInfoKVSOnly(pi);
646 CFStringRef osVersion = CFDictionaryGetValue(pi->gestalt, kPIOSVersionKey);
647 CFStringRef tmp = SOSPeerInfoV2DictionaryCopyString(pi, sDeviceID);
648 CFStringRef deviceID = CFStringCreateTruncatedCopy(tmp, 8);
650 CFStringRef serialNum = SOSPeerInfoCopySerialNumber(pi);
651 CFStringRef peerID = CFStringCreateTruncatedCopy(SOSPeerInfoGetPeerID(pi), 8);
653 // Calculate the truncated length
655 CFStringRef objectPrefix = CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions, CFSTR("PI@%p"), pi);
657 description = CFStringCreateWithFormat(kCFAllocatorDefault, formatOptions,
658 CFSTR("<%@: [name: %20@] [%c%c%c%c%c%c%c] [type: %-20@] [spid: %8@] [os: %10@] [devid: %10@] [serial: %12@]"),
660 isKnown(SOSPeerInfoGetPeerName(pi)),
663 boolToChars(selfValid, 'S', 's'),
664 boolToChars(retired, 'R', 'r'),
665 boolToChars(backingUp, 'B', 'b'),
666 boolToChars(isKVS, 'K', 'I'),
668 isKnown(SOSPeerInfoGetPeerDeviceType(pi)), isKnown(peerID),
669 isKnown(osVersion), isKnown(deviceID), isKnown(serialNum));
671 CFReleaseNull(peerID);
672 CFReleaseNull(deviceID);
673 CFReleaseNull(serialNum);
674 CFReleaseNull(objectPrefix);
679 static CFStringRef SOSPeerInfoCopyFormatDescription(CFTypeRef aObj, CFDictionaryRef formatOptions) {
681 CFStringRef description = NULL;
683 description = copyDescriptionWithFormatOptions(aObj, formatOptions);
688 void SOSPeerInfoLogState(char *category, SOSPeerInfoRef pi, SecKeyRef pubKey, CFStringRef myPID, char sigchr) {
690 bool appValid = SOSPeerInfoApplicationVerify(pi, pubKey, NULL);
691 bool retired = SOSPeerInfoIsRetirementTicket(pi);
692 // We won't inflate invalid peerInfos. Mark this true to keep scanning utilities from breaking.
693 bool selfValid = true;
694 bool backingUp = SOSPeerInfoHasBackupKey(pi);
695 bool isMe = CFEqualSafe(SOSPeerInfoGetPeerID(pi), myPID) == true;
696 bool isKVS = SOSPeerInfoKVSOnly(pi);
697 CFStringRef osVersion = CFDictionaryGetValue(pi->gestalt, kPIOSVersionKey);
698 CFStringRef tmp = SOSPeerInfoV2DictionaryCopyString(pi, sDeviceID);
699 CFStringRef deviceID = CFStringCreateTruncatedCopy(tmp, 8);
701 CFStringRef serialNum = SOSPeerInfoCopySerialNumber(pi);
702 CFStringRef peerID = CFStringCreateTruncatedCopy(SOSPeerInfoGetPeerID(pi), 8);
704 secnotice(category, "PI: [name: %-20@] [%c%c%c%c%c%c%c] [type: %-20@] [spid: %8@] [os: %10@] [devid: %10@] [serial: %12@]", isKnown(SOSPeerInfoGetPeerName(pi)),
705 boolToChars(isMe, 'M', 'm'),
706 boolToChars(appValid, 'A', 'a'),
707 boolToChars(selfValid, 'S', 's'),
708 boolToChars(retired, 'R', 'r'),
709 boolToChars(backingUp, 'B', 'b'),
710 boolToChars(isKVS, 'K', 'I'),
712 isKnown(SOSPeerInfoGetPeerDeviceType(pi)), isKnown(peerID),
713 isKnown(osVersion), isKnown(deviceID), isKnown(serialNum));
715 CFReleaseNull(peerID);
716 CFReleaseNull(deviceID);
717 CFReleaseNull(serialNum);
720 CFDictionaryRef SOSPeerInfoCopyPeerGestalt(SOSPeerInfoRef pi) {
721 CFRetain(pi->gestalt);
725 CFDictionaryRef SOSPeerGetGestalt(SOSPeerInfoRef pi){
729 CFStringRef SOSPeerInfoGetPeerName(SOSPeerInfoRef peer) {
730 return SOSPeerInfoLookupGestaltValue(peer, kPIUserDefinedDeviceNameKey);
733 CFStringRef SOSPeerInfoGetPeerDeviceType(SOSPeerInfoRef peer) {
734 return SOSPeerInfoLookupGestaltValue(peer, kPIDeviceModelNameKey);
737 CFIndex SOSPeerInfoGetPeerProtocolVersion(SOSPeerInfoRef peer) {
738 CFIndex version = PEERINFO_CURRENT_VERSION;
739 CFTypeRef val = SOSPeerInfoLookupGestaltValue(peer, kPIMessageProtocolVersionKey);
740 if (val && CFGetTypeID(val) == CFNumberGetTypeID())
741 CFNumberGetValue(val, kCFNumberCFIndexType, &version);
745 CFTypeRef SOSPeerInfoLookupGestaltValue(SOSPeerInfoRef pi, CFStringRef key) {
746 return CFDictionaryGetValue(pi->gestalt, key);
749 CFStringRef SOSPeerInfoGetPeerID(SOSPeerInfoRef pi) {
750 return pi ? pi->peerID : NULL;
753 bool SOSPeerInfoPeerIDEqual(SOSPeerInfoRef pi, CFStringRef myPeerID) {
754 return CFEqualSafe(myPeerID, SOSPeerInfoGetPeerID(pi));
757 CFIndex SOSPeerInfoGetVersion(SOSPeerInfoRef pi) {
761 bool SOSPeerInfoUpdateDigestWithPublicKeyBytes(SOSPeerInfoRef peer, const struct ccdigest_info *di,
762 ccdigest_ctx_t ctx, CFErrorRef *error) {
763 CFDataRef pubKeyBytes = CFDictionaryGetValue(peer->description, sPublicKeyKey);
766 SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, NULL, error, NULL, CFSTR("Digest failed – no public key"));
770 ccdigest_update(di, ctx, CFDataGetLength(pubKeyBytes), CFDataGetBytePtr(pubKeyBytes));
775 bool SOSPeerInfoUpdateDigestWithDescription(SOSPeerInfoRef peer, const struct ccdigest_info *di,
776 ccdigest_ctx_t ctx, CFErrorRef *error) {
777 if(SOSPeerInfoVersionHasV2Data(peer)) SOSPeerInfoPackV2Data(peer);
778 size_t description_size = der_sizeof_plist(peer->description, error);
779 if (description_size == 0) {
780 SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, NULL, error, NULL, CFSTR("Description length failed"));
784 uint8_t * data = malloc(description_size);
786 SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, NULL, error, NULL, CFSTR("Description alloc failed"));
789 uint8_t *data_end = data + description_size;
790 uint8_t *encoded = der_encode_plist(peer->description, error, data, data_end);
794 SOSCreateErrorWithFormat(kSOSErrorEncodeFailure, NULL, error, NULL, CFSTR("Description encode failed"));
798 ccdigest_update(di, ctx, description_size, data);
806 static CFDataRef sosCreateDate() {
807 CFDateRef now = CFDateCreate(NULL, CFAbsoluteTimeGetCurrent());
808 size_t bufsiz = der_sizeof_date(now, NULL);
810 der_encode_date(now, NULL, buf, buf+bufsiz);
812 return CFDataCreate(NULL, buf, bufsiz);
815 static CFDateRef sosCreateCFDate(CFDataRef sosdate) {
817 der_decode_date(NULL, 0, &date, NULL, CFDataGetBytePtr(sosdate),
818 CFDataGetBytePtr(sosdate) + CFDataGetLength(sosdate));
822 static bool sospeer_application_hash(SOSPeerInfoRef pi, const struct ccdigest_info *di, uint8_t *hbuf) {
823 CFDataRef appdate = asData(CFDictionaryGetValue(pi->description, sApplicationDate), NULL);
824 if(!appdate) return false;
825 ccdigest_di_decl(di, ctx);
826 ccdigest_init(di, ctx);
827 ccdigest_update(di, ctx, CFDataGetLength(appdate), CFDataGetBytePtr(appdate));
828 if (!SOSPeerInfoUpdateDigestWithPublicKeyBytes(pi, di, ctx, NULL)) return false;
829 ccdigest_final(di, ctx, hbuf);
833 SOSPeerInfoRef SOSPeerInfoCopyAsApplication(SOSPeerInfoRef original, SecKeyRef userkey, SecKeyRef peerkey, CFErrorRef *error) {
834 SOSPeerInfoRef result = NULL;
835 SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(kCFAllocatorDefault, original, error);
837 const struct ccdigest_info *di = ccsha256_di();
838 uint8_t hbuf[di->output_size];
839 CFDataRef usersig = NULL;
841 CFDataRef creationDate = sosCreateDate();
842 CFDictionarySetValue(pi->description, sApplicationDate, creationDate);
843 CFReleaseNull(creationDate);
845 // Create User Application Signature
846 require_action_quiet(sospeer_application_hash(pi, di, hbuf), fail,
847 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to create hash for peer applicant"), NULL, error));
849 usersig = sosCopySignedHash(userkey, di, hbuf);
850 require_action_quiet(usersig, fail,
851 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to sign public key hash for peer"), NULL, error));
853 CFDictionarySetValue(pi->description, sApplicationUsig, usersig);
854 pi->verifiedAppKeyID = SOSCopyIDOfKey(userkey, error);
855 if(pi->verifiedAppKeyID == NULL) {
856 secnotice("PICache", "failed to get userKeyID");
858 pi->verifiedResult = true;
860 require_quiet(SOSPeerInfoSign(peerkey, pi, error), fail);
866 CFReleaseNull(usersig);
871 bool SOSPeerInfoApplicationVerify(SOSPeerInfoRef pi, SecKeyRef userkey, CFErrorRef *error) {
872 const struct ccdigest_info *di = ccsha256_di();
873 uint8_t hbuf[di->output_size];
875 CFStringRef userKeyID = NULL;
877 // If we've already succeeded signature check with this key move on.
878 require_action_quiet(userkey, exit, SOSErrorCreate(kSOSErrorNoKey, error, NULL, CFSTR("Can't validate PeerInfos with no userKey")));
879 userKeyID = SOSCopyIDOfKey(userkey, error);
880 require_action_quiet(!CFEqualSafe(userKeyID, pi->verifiedAppKeyID), exit, result = pi->verifiedResult);
882 // verifiedAppKeyID was NULL or not the key we're looking for - clear it.
883 CFReleaseNull(pi->verifiedAppKeyID);
884 pi->verifiedResult = false;
885 CFDataRef usig = CFDictionaryGetValue(pi->description, sApplicationUsig);
886 require_action_quiet(usig, exit,
887 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Peer is not an applicant"), NULL, error));
888 // Verify User Application Signature
889 require_action_quiet(sospeer_application_hash(pi, di, hbuf), exit,
890 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Failed to create hash for peer applicant"), NULL, error));
891 require_action_quiet(sosVerifyHash(userkey, di, hbuf, usig), exit,
892 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("user signature of public key hash fails to verify"), NULL, error));
893 // Remember the userkey we validated for this peerinfo.
894 pi->verifiedAppKeyID = CFStringCreateCopy(kCFAllocatorDefault, userKeyID);
895 pi->verifiedResult = true;
897 result = SOSPeerInfoVerify(pi, error);
900 CFReleaseNull(userKeyID);
905 static CF_RETURNS_RETAINED CFDateRef sosPeerInfoGetDate(SOSPeerInfoRef pi, CFStringRef entry) {
907 CFDataRef sosdate = CFDictionaryGetValue(pi->description, entry);
908 if(!sosdate) return NULL;
909 CFDateRef date = sosCreateCFDate(sosdate);
914 CF_RETURNS_RETAINED CFDateRef SOSPeerInfoGetApplicationDate(SOSPeerInfoRef pi) {
915 return sosPeerInfoGetDate(pi, sApplicationDate);
918 CF_RETURNS_RETAINED CFDateRef SOSPeerInfoGetRetirementDate(SOSPeerInfoRef pi) {
919 return sosPeerInfoGetDate(pi, sRetirementDate);
928 CFStringRef SOSPeerGestaltGetName(CFDictionaryRef gestalt) {
929 CFStringRef name = SOSPeerGestaltGetAnswer(gestalt, kPIUserDefinedDeviceNameKey);
930 return isString(name) ? name : NULL;
933 CFTypeRef SOSPeerGestaltGetAnswer(CFDictionaryRef gestalt, CFStringRef question) {
934 return gestalt ? CFDictionaryGetValue(gestalt, question) : NULL;
942 SOSPeerInfoRef SOSPeerInfoCreateRetirementTicket(CFAllocatorRef allocator, SecKeyRef privKey, SOSPeerInfoRef peer, CFErrorRef *error) {
944 SOSPeerInfoRef pi = SOSPeerInfoCreateCopy(allocator, peer, error);
948 // Fill out Resignation Date
949 CFDataRef resignationDate = sosCreateDate();
950 CFDictionaryAddValue(pi->description, sRetirementDate, resignationDate);
951 CFReleaseNull(resignationDate);
953 require(SOSPeerInfoSign(privKey, pi, error), fail);
962 CFStringRef SOSPeerInfoInspectRetirementTicket(SOSPeerInfoRef pi, CFErrorRef *error) {
963 CFStringRef retval = NULL;
964 CFDateRef now = CFDateCreate(NULL, CFAbsoluteTimeGetCurrent());
965 CFDateRef retirement = NULL;
967 require_quiet(SOSPeerInfoVerify(pi, error), err);
969 retirement = sosCreateCFDate(CFDictionaryGetValue(pi->description, sRetirementDate));
970 require_action_quiet(retirement, err,
971 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Peer is not retired"), NULL, error));
973 require_action_quiet(CFDateCompare(now, retirement, NULL) == kCFCompareGreaterThan, err,
974 SOSCreateError(kSOSErrorUnexpectedType, CFSTR("Retirement date is after current date"), NULL, error));
976 retval = SOSPeerInfoGetPeerID(pi);
980 CFReleaseNull(retirement);
984 bool SOSPeerInfoRetireRetirementTicket(size_t max_seconds, SOSPeerInfoRef pi) {
985 CFDateRef now = CFDateCreate(NULL, CFAbsoluteTimeGetCurrent());
986 CFDateRef retirement = sosCreateCFDate(CFDictionaryGetValue(pi->description, sRetirementDate));
987 CFTimeInterval timediff = CFDateGetTimeIntervalSinceDate(now, retirement); // diff in seconds
989 CFReleaseNull(retirement);
990 if(timediff > (max_seconds)) return true;
994 static const void *SOSGetDescriptionValue(SOSPeerInfoRef pi, const void *key) {
995 if(pi && pi->description) {
996 return CFDictionaryGetValue(pi->description, key);
1001 bool SOSPeerInfoIsRetirementTicket(SOSPeerInfoRef pi) {
1002 CFDataRef flag = SOSGetDescriptionValue(pi, sRetirementDate);
1003 return flag != NULL;
1006 bool SOSPeerInfoIsCloudIdentity(SOSPeerInfoRef pi) {
1007 CFTypeRef value = SOSGetDescriptionValue(pi, sCloudIdentityKey);
1008 return CFEqualSafe(value, kCFBooleanTrue);
1011 SOSPeerInfoRef SOSPeerInfoUpgradeSignatures(CFAllocatorRef allocator, SecKeyRef privKey, SecKeyRef peerKey, SOSPeerInfoRef peer, CFErrorRef *error) {
1012 SecKeyRef pubKey = SecKeyCreatePublicFromPrivate(privKey);
1013 SOSPeerInfoRef retval = NULL;
1015 retval = SOSPeerInfoCopyAsApplication(peer, privKey, peerKey, error);
1016 CFReleaseNull(pubKey);
1020 void SOSPeerInfoSetOctagonKeysInDescription(SOSPeerInfoRef peer, SecKeyRef octagonSigningKey,
1021 SecKeyRef octagonEncryptionKey, CFErrorRef *error)
1023 CFDataRef signingPublicKeyBytes = NULL;
1024 CFDataRef encryptionPublicKeyBytes = NULL;
1026 OSStatus copySigningKeyResult = SecKeyCopyPublicBytes(octagonSigningKey, &signingPublicKeyBytes);
1027 OSStatus copyEncryptionKeyResult = SecKeyCopyPublicBytes(octagonEncryptionKey, &encryptionPublicKeyBytes);
1029 require_action_quiet(errSecSuccess == copySigningKeyResult, fail, SecError(copySigningKeyResult, error, CFSTR("failed to copy signing public key bytes")));
1030 require_action_quiet(errSecSuccess == copyEncryptionKeyResult, fail, SecError(copyEncryptionKeyResult, error, CFSTR("failed to copy encryption public key bytes")));
1033 CFDictionarySetValue(peer->description, sOctagonPeerSigningPublicKeyKey, signingPublicKeyBytes);
1034 CFDictionarySetValue(peer->description, sOctagonPeerEncryptionPublicKeyKey, encryptionPublicKeyBytes);
1037 CFReleaseNull(signingPublicKeyBytes);
1038 CFReleaseNull(encryptionPublicKeyBytes);
1042 static SOSPeerInfoRef CF_RETURNS_RETAINED
1043 SOSPeerInfoSetBothOctagonKeys(CFAllocatorRef allocator,
1044 SOSPeerInfoRef toCopy,
1045 CFStringRef descriptionSigningKey,
1046 CFStringRef descriptionEncryptionKey,
1047 SecKeyRef octagonSigningKey,
1048 SecKeyRef octagonEncryptionKey,
1049 SecKeyRef signingKey,
1052 CFDataRef signingPublicKeyBytes = NULL;
1053 CFDataRef encryptionPublicKeyBytes = NULL;
1055 SOSPeerInfoRef pi = NULL;
1057 OSStatus copySigningKeyResult = SecKeyCopyPublicBytes(octagonSigningKey, &signingPublicKeyBytes);
1058 OSStatus copyEncryptionKeyResult = SecKeyCopyPublicBytes(octagonEncryptionKey, &encryptionPublicKeyBytes);
1060 require_action_quiet(0 == copySigningKeyResult, fail, SecError(copySigningKeyResult, error, CFSTR("failed to copy signing public key bytes")));
1061 require_action_quiet(0 == copyEncryptionKeyResult, fail, SecError(copyEncryptionKeyResult, error, CFSTR("failed to copy encryption public key bytes")));
1063 pi = SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
1064 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
1065 if(peerToModify && peerToModify->description && signingPublicKeyBytes && descriptionSigningKey && encryptionPublicKeyBytes && descriptionEncryptionKey) {
1066 CFDictionarySetValue(peerToModify->description, descriptionSigningKey, signingPublicKeyBytes);
1067 CFDictionarySetValue(peerToModify->description, descriptionEncryptionKey, encryptionPublicKeyBytes);
1069 SecError(errSecParam, error, CFSTR("Bad key bytes or dictionary key"));
1076 CFReleaseNull(signingPublicKeyBytes);
1077 CFReleaseNull(encryptionPublicKeyBytes);
1081 SOSPeerInfoRef CF_RETURNS_RETAINED
1082 SOSPeerInfoSetOctagonKeys(CFAllocatorRef allocator,
1083 SOSPeerInfoRef toCopy,
1084 SecKeyRef octagonSigningKey,
1085 SecKeyRef octagonEncryptionKey,
1086 SecKeyRef signingKey,
1089 return SOSPeerInfoSetBothOctagonKeys(allocator, toCopy, sOctagonPeerSigningPublicKeyKey, sOctagonPeerEncryptionPublicKeyKey, octagonSigningKey, octagonEncryptionKey, signingKey, error);
1092 static SOSPeerInfoRef CF_RETURNS_RETAINED
1093 SOSPeerInfoSetOctagonKey(CFAllocatorRef allocator,
1094 SOSPeerInfoRef toCopy,
1095 CFStringRef descriptionKey,
1096 SecKeyRef octagonKey,
1097 SecKeyRef signingKey,
1100 CFDataRef publicKeyBytes = NULL;
1101 SOSPeerInfoRef pi = NULL;
1103 OSStatus copyResult = SecKeyCopyPublicBytes(octagonKey, &publicKeyBytes);
1104 require_action_quiet(0 == copyResult, fail, SecError(copyResult, error, CFSTR("failed to copy public key bytes")));
1106 pi = SOSPeerInfoCopyWithModification(allocator, toCopy, signingKey, error,
1107 ^bool(SOSPeerInfoRef peerToModify, CFErrorRef *error) {
1108 if(peerToModify && peerToModify->description && publicKeyBytes && descriptionKey) {
1109 CFDictionarySetValue(peerToModify->description, descriptionKey, publicKeyBytes);
1111 SecError(errSecParam, error, CFSTR("Bad key bytes or dictionary key"));
1118 CFReleaseNull(publicKeyBytes);
1122 SOSPeerInfoRef CF_RETURNS_RETAINED
1123 SOSPeerInfoSetOctagonSigningKey(CFAllocatorRef allocator,
1124 SOSPeerInfoRef toCopy,
1125 SecKeyRef octagonSigningKey,
1126 SecKeyRef signingKey,
1129 return SOSPeerInfoSetOctagonKey(allocator, toCopy, sOctagonPeerSigningPublicKeyKey, octagonSigningKey, signingKey, error);
1132 SOSPeerInfoRef CF_RETURNS_RETAINED
1133 SOSPeerInfoSetOctagonEncryptionKey(CFAllocatorRef allocator,
1134 SOSPeerInfoRef toCopy,
1135 SecKeyRef octagonEncryptionKey,
1136 SecKeyRef signingKey,
1139 return SOSPeerInfoSetOctagonKey(allocator, toCopy, sOctagonPeerEncryptionPublicKeyKey, octagonEncryptionKey, signingKey, error);
1142 CFStringRef SOSPeerInfoCopyTransportType(SOSPeerInfoRef peer){
1143 CFStringRef transportType = (CFStringRef)SOSPeerInfoV2DictionaryCopyString(peer, sTransportType);
1144 return (transportType ? transportType : CFRetain(SOSTransportMessageTypeKVS));
1147 bool SOSPeerInfoKVSOnly(SOSPeerInfoRef pi) {
1148 CFStringRef transportType = SOSPeerInfoCopyTransportType(pi);
1149 bool retval = CFEqualSafe(transportType, SOSTransportMessageTypeKVS);
1150 CFReleaseNull(transportType);
1154 CFStringRef SOSPeerInfoCopyDeviceID(SOSPeerInfoRef peer){
1155 return CFSTR("not implemented");
1158 SOSPeerInfoDeviceClass SOSPeerInfoGetClass(SOSPeerInfoRef pi) {
1159 static CFDictionaryRef devID2Class = NULL;
1160 static dispatch_once_t onceToken = 0;
1162 dispatch_once(&onceToken, ^{
1163 CFNumberRef cfSOSPeerInfo_macOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_macOS);
1164 CFNumberRef cfSOSPeerInfo_iOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_iOS);
1165 CFNumberRef cfSOSPeerInfo_iCloud = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_iCloud);
1166 // CFNumberRef cfSOSPeerInfo_watchOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_watchOS);
1167 // CFNumberRef cfSOSPeerInfo_tvOS = CFNumberCreateWithCFIndex(kCFAllocatorDefault, SOSPeerInfo_tvOS);
1169 devID2Class = CFDictionaryCreateForCFTypes(kCFAllocatorDefault,
1170 CFSTR("Mac Pro"), cfSOSPeerInfo_macOS,
1171 CFSTR("MacBook"), cfSOSPeerInfo_macOS,
1172 CFSTR("MacBook Pro"), cfSOSPeerInfo_macOS,
1173 CFSTR("iCloud"), cfSOSPeerInfo_iCloud,
1174 CFSTR("iMac"), cfSOSPeerInfo_macOS,
1175 CFSTR("iPad"), cfSOSPeerInfo_iOS,
1176 CFSTR("iPhone"), cfSOSPeerInfo_iOS,
1177 CFSTR("iPod touch"), cfSOSPeerInfo_iOS,
1179 CFReleaseNull(cfSOSPeerInfo_macOS);
1180 CFReleaseNull(cfSOSPeerInfo_iOS);
1181 CFReleaseNull(cfSOSPeerInfo_iCloud);
1183 SOSPeerInfoDeviceClass retval = SOSPeerInfo_unknown;
1184 CFStringRef dt = SOSPeerInfoGetPeerDeviceType(pi);
1185 require_quiet(dt, errOut);
1186 CFNumberRef classNum = CFDictionaryGetValue(devID2Class, dt);
1187 require_quiet(classNum, errOut);
1189 require_quiet(CFNumberGetValue(classNum, kCFNumberCFIndexType, &tmp), errOut);
1190 retval = (SOSPeerInfoDeviceClass) tmp;